Last updated: May 5, 2026
This Privacy Policy explains how შპს ტაბლი (Identification Number: 416395289) ("we", "us", "our") collects and uses personal data when you use the Tably platform available at https://tably.ge (the "Platform").
The Platform is used by restaurant owners, managers, and staff to manage their establishments' digital presence, menus, orders, and customer interactions. This Privacy Policy applies to both the Admin Panel (backoffice) and the customer-facing menu application. In this Policy, we refer to these collectively as the "Service".
We are committed to protecting your privacy and processing your personal data in accordance with the EU General Data Protection Regulation (GDPR) and Georgian data protection legislation.
Language and translations: This Privacy Policy is drafted in English and the English version is the original and legally binding version. Any versions of this Privacy Policy that you may see in other languages are generated by machine translation and are provided solely for your convenience. In the event of any inconsistency or conflict between a translated version and the English version, the English version shall always prevail.
Data Controller:
შპს ტაბლი (Tably LLC)
Registered in the Republic of Georgia
Identification Number: 416395289
Registered address:
საქართველო, ქალაქი რუსთავი, გიორგი ლეონიძის ქუჩა, N 24
Contact email for privacy matters: info@tably.ge
We do not have representative offices or branches in other countries.
At the moment we have not appointed an EU/EEA representative or a Data Protection Officer (DPO). If this changes, we will update this Policy.
This Policy applies to the Tably Platform – the digital menu and restaurant management system that restaurant owners, managers, staff, and their customers use to:
Create and manage restaurant accounts
Create and update digital menus in multiple languages
Upload menu photos and content
Process customer orders in real-time
Manage table reservations
Configure pricing and availability
View analytics and reports
Communicate with customers
Manage restaurant locations and settings
Scan QR codes and view menus (customer-facing)
Depending on how you use the Service, we may collect the following categories of data.
Email address and/or mobile phone number
Full name or business contact name
Restaurant/venue name and business information
Job title or role within the establishment
Authentication data (such as password hash, authentication tokens, login timestamps)
IP addresses and session data for security purposes
To provide full functionality, the Platform may request access to:
Camera — to photograph your menu for AI-powered digitization
File/photo library — to upload existing menu photos from your device
These permissions are requested only when you initiate the relevant action (e.g., tap "Upload photo" or "Take photo"). You can deny or revoke these permissions at any time in your device settings. Denying access will not affect other features of the Service, but you will not be able to upload menu photos directly from your device.
We do not access your camera or files in the background or without your explicit action.
When you upload content (menu items, photos, descriptions) to the Platform, we collect:
Upload timestamps and dates
User account identifier associated with each upload
File metadata (file name, size, format)
Modification history (who edited content and when)
Content identifiers and storage locations
This metadata is necessary for system operation, content management, and to comply with legal obligations.
When customers place orders through the customer-facing application, we transmit the following customer information to the restaurant:
Customer phone number
Customer email address
Customer name or contact person name
Your responsibilities as data controller:
When you receive customer contact information, you become an independent data controller for that data. This means:
You are responsible for protecting customer data in accordance with applicable privacy laws
You must use customer contact information only for legitimate purposes (order fulfillment, order-related communication)
You must not share customer contact information with unauthorized third parties
You must implement appropriate security measures to protect customer data
You must honor customer requests to opt out of marketing communications
You must comply with customer data rights requests (access, deletion, correction)
Items ordered, date, time and place of order
Table number or area (where applicable)
Order status and basic payment-related metadata (method of payment, payment status)
As a rule, payment card data is processed by external payment providers in accordance with their own privacy policies. We do not store full card numbers or CVV/CVC codes.
When a table reservation is made through the Service, we collect:
Reservation details (date, time, number of guests)
Special requests or notes related to the reservation
Reservation status and history
Cancellation or modification data
Deposit payment information (processed via Stripe)
To ensure correct display and convenient use, we collect basic technical information:
Device type (smartphone, tablet), operating system and version
Screen size, orientation and other display parameters
Browser version, language settings
IP address and other technical identifiers
Log data about app events (page loads, errors)
To improve the stability and reliability of the Service, we collect error and diagnostic information when technical issues occur:
Error messages and stack traces
Actions taken before an error occurred
Device and browser information at the time of the error
Approximate time of the error
This data is collected through Sentry, our error monitoring service, and is used solely to identify and fix technical problems.
To improve the Service and understand how it is used, we may collect:
Pages and screens viewed, time spent on each
Click/tap interactions and navigation paths
Feature usage frequency (which tools are used most)
Menu view statistics (which categories/items customers view most)
Order conversion data (menu views vs. placed orders)
Peak usage times and traffic patterns
QR code scan frequency and location (venue-level, not personal)
Search queries within menus
Language preferences and switching behavior
Session duration and return frequency
Referral sources (how users found the menu)
A/B test participation and outcomes (for feature improvements)
Aggregated demographic data (device type, OS, browser, country/city level)
This data is used to:
Provide venue owners with business insights and reports
Identify popular menu items and optimize menu layout
Understand peak hours and staffing needs
Improve the user interface and experience
Measure the effectiveness of new features
Generate industry benchmarks and aggregated statistics
Where possible, analytics data is collected in aggregated or anonymized form. Personal identification is not the goal — we seek patterns and trends, not individual tracking.
Legal bases:
Your consent (Art. 6(1)(a) GDPR) — where analytics go beyond what is strictly necessary
Our legitimate interests (Art. 6(1)(f) GDPR) — for basic service improvement analytics
Performance of a contract (Art. 6(1)(b) GDPR) — for providing analytics reports to venue owners as part of the Service
Under the GDPR we must have a legal basis for each processing purpose. Depending on the situation, we rely on:
Performance of a contract (Article 6(1)(b) GDPR)
Compliance with legal obligations (Article 6(1)(c) GDPR)
Legitimate interests (Article 6(1)(f) GDPR)
Your consent (Article 6(1)(a) GDPR)
We process your data to:
Create and manage your restaurant account on the Platform
Allow you to create and update digital menus in multiple languages
Enable you to upload menu photos and content
Process customer orders received through the customer-facing application
Manage table reservations
Provide analytics and reports about your restaurant's performance
Send service notifications (new order alerts, system updates)
Allow you to communicate with customers
Manage restaurant locations, settings, and configurations
Legal bases:
Performance of a contract (Art. 6(1)(b) GDPR)
Our legitimate interests in operating and improving the platform (Art. 6(1)(f) GDPR)
We keep history of orders and interactions with venues to:
Help customers see previous orders
Enable venues to understand customer interactions (to resolve disputes, remember preferences)
Comply with accounting, tax and consumer protection obligations
Protect our rights and the rights of venues and users in case of disputes
Legal bases:
Performance of a contract (Art. 6(1)(b) GDPR)
Compliance with legal obligations (Art. 6(1)(c) GDPR)
Our legitimate interests in service quality and dispute resolution (Art. 6(1)(f) GDPR)
We use device and technical data to:
Ensure that the Service displays correctly on your device
Remember basic settings (language, interface layout)
Maintain the security and stability of the platform
Diagnose and fix technical problems
Legal basis:
Our legitimate interests (Art. 6(1)(f) GDPR)
We use error monitoring (Sentry) to:
Detect and diagnose technical errors
Identify the root cause of problems
Prioritize bug fixes based on impact
Monitor the health and stability of the Service
Legal basis:
Our legitimate interests (Art. 6(1)(f) GDPR)
The Platform uses only essential technologies. We do NOT use:
❌ Google Analytics
❌ Firebase Analytics
❌ Meta Pixel / Facebook tracking
❌ Google Tag Manager
❌ Any advertising or marketing cookies
❌ Any behavioral tracking or profiling
What we DO use:
Sentry (Error Monitoring)
Purpose: Error detection, diagnostics, and service reliability monitoring
Data collected: Error messages, stack traces, browser/device info (anonymized)
Location: EU
Retention: 90 days
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Privacy Policy: https://sentry.io/privacy/
Cloudflare R2 (Content Storage & Delivery)
Purpose: Storing and delivering menu photos and images
Data collected: IP address, request logs (for technical operation only)
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Privacy Policy: https://www.cloudflare.com/privacypolicy/
Important notes:
We do not track your behavior for advertising or marketing
We do not sell or share your data with third parties for their own purposes
All cookies we use are strictly necessary for the Service to function
We do not:
Use your personal data to show you third-party advertising
Sell or rent your personal data
Share your data with third parties so that they can use it for their own marketing
Track your behavior across other websites or applications
Build advertising profiles or use your data for targeted marketing
As a general rule, personal data is processed within our platform and infrastructure. We do not share your personal data with third parties for their own independent purposes, except in the following limited cases:
Our Service is hosted on Railway (railway.app). Data is stored on servers that may be located in the EU or US regions.
Provider: Railway Corporation
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR) and legitimate interests (Art. 6(1)(f) GDPR)
We use Cloudflare R2 Storage for storing and delivering content (menu photos, images).
Provider: Cloudflare Inc., 101 Townsend St, San Francisco, CA 94107, USA
Cloudflare is certified under the EU-US Data Privacy Framework.
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR)
Privacy Policy: https://www.cloudflare.com/privacypolicy/
We use Stripe for processing reservation deposit payments.
Provider: Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland
Data transmitted: Name, payment card details, transaction amount, currency
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)
Privacy Policy: https://stripe.com/privacy
We use შპს „თრასთქონექთი" for sending OTP verification codes.
Data transmitted: Phone number, verification code
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)
We use Resend (resend.com) for sending verification emails and notifications.
Data transmitted: Email address, notification content
Legal basis: Performance of a contract (Art. 6(1)(b) GDPR)
Service providers and professional advisers
We may share data with IT service providers, security providers, auditors, accountants and legal advisers where this is necessary and subject to confidentiality obligations.
Authorities and legal obligations
We may disclose personal data if required to do so by law, court order or a competent authority, or to protect our rights or the rights of other persons.
Some of our service providers may process data in countries outside the EEA. Where such transfers occur, we rely on appropriate safeguards under the GDPR, such as:
Adequacy decisions of the European Commission, and/or
Standard Contractual Clauses (SCCs) approved by the European Commission
We do not keep your personal data longer than necessary for the purposes described in this Policy or as required by law.
Account and profile data: Stored while your account is active and for up to 5 years after your last interaction with the Service.
Order and transaction data: Stored for up to 5 years, taking into account accounting, tax, and consumer protection obligations.
Technical logs: Stored for up to 30 days, unless required for security incident investigation.
Tax-related data: 10 years from the end of the calendar year in which the data was created.
After the relevant retention period expires, we will either delete the data or irreversibly anonymize it.
Under the GDPR, you have the following rights regarding your personal data:
Right of access — obtain confirmation and a copy of your data
Right to rectification — correct inaccurate or incomplete data
Right to erasure ("right to be forgotten") — request deletion, subject to legal obligations
Right to restriction of processing — restrict processing in certain circumstances
Right to data portability — receive data in a machine-readable format
Right to object — object to processing based on legitimate interests
Right to withdraw consent — withdraw consent at any time
Right to lodge a complaint — with your local data protection authority
To exercise your rights, please contact us at info@tably.ge. We may need to verify your identity before responding.
You can request deletion of your personal data by contacting us at info@tably.ge.
We will process your request without undue delay and within the time limits required by GDPR. Please note that we may need to retain some data if required by law (for example, for tax and accounting purposes).
We take appropriate technical and organisational measures to protect your personal data, including:
Encryption of data in transit (HTTPS/TLS)
Access controls and authentication for systems and personnel
Regular software updates and security monitoring
Backups and disaster recovery procedures
Password hashing (industry-standard algorithms)
Rate limiting and brute-force protection
Two-factor authentication (SMS/Email OTP)
However, no system can be completely secure. If we become aware of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority where required by law.
The Platform uses only essential cookies for authentication and session management. We do NOT use advertising, analytics, or tracking cookies.
Essential cookies used:
Session cookie — maintains your login state
CSRF token — prevents cross-site request forgery attacks
Legal basis: Legitimate interests (Art. 6(1)(f) GDPR) — strictly necessary for the Service to function.
No cookie consent banner is required (ePrivacy Directive exemption for essential cookies).
The Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children under 16. If you believe that a child has provided us with personal data, please contact us and we will take appropriate steps to delete such data.
We may update this Privacy Policy from time to time. When we make material changes, we will:
Update the "Last updated" date at the top of the Policy
Provide additional notice within the Service where appropriate
We encourage you to review this Policy periodically.
For any questions about this Privacy Policy or to exercise your data protection rights, please contact:
შპს ტაბლი (Tably LLC)
საქართველო, ქალაქი რუსთავი, გიორგი ლეონიძის ქუჩა, N 24
Email: info@tably.ge